Search This Blog

Tuesday, October 12, 2010

Don't be a phish! There are lots of crooks out there and they have lots of bait.

This is not a science post or a worldview post, just a reminder from a friend or foe, however you view me.

Phishing.  Crooks and charlatans trying to get you to do something stupid either by fooling or luring you in some way.  Much of what we call spam these days is not just someone trying to get you to buy something or give to something, they are trying to trick you so they can steal your money or make your computer part of a giant botnet or grab up your passwords and personal information for nefarious ends. Eastern European and Russian mobs set up and tear down spam servers and move them so they are hard to find.  Governments such as Red China may well be participating as a way to bring in more money!

credit

This article covers what is happening right now!  Social sites are also a good place to get cheated!

An excerpt: 

"Phishing. During the first half of 2010, Cyveillance detected a total of 126,644 phishing attacks for an average of over 21,000 unique attacks per month with the volume remaining relatively steady throughout the half. The amount of attacks seen monthly is down compared to the second half of the previous year, but the overall volume confirms that the problem of phishing is still easily one of the top threats on the Internet. Cyveillance identifies phishing as a social engineering scam that relies on both technology and human interaction to carry out online fraud and identity theft. The schemes are varied, but typically involve a spoofed (spam) email that mimics an email from a legitimate and respected organization in order to steal personal information, which is then used for online fraud, identify theft or unauthorized network access purposes.

Malware. The majority of malware threats on the Internet continue to originate within the United States. The country leads in almost every significant malware statistical category. Other developed countries such as China, Canada and the United Kingdom do not provide the same volume of threats as the U.S., but still pose significant danger to Internet users. Cyveillance considers malware to be a file or application downloaded from a website or server that exhibits properties that are both involuntary and malicious in nature. There are many types of malware, ranging from “bot” programs used to launch spam to DoS attacks to keyloggers and backdoor Trojan viruses used for stealing sensitive information or targeting specific SCADA or industrial platform. While all malware presents a threat, the variations used for financial fraud typically cause the most harm to consumers.

All figures and statistics2 in the Cyveillance “1H 2010 Cyber Intelligence Report” are actual measurements rather than projections based upon sample datasets. The cyber intelligence included in this report includes data collected and analyzed between January 1, 2010 and June 30, 2010. For more information or to download the report, please visit: www.cyveillance.com/cyberintelreport-1H10.


Read more: http://www.kansascity.com/2010/10/11/2297786/cyveillance-testing-finds-social.html#ixzz12BmwuOMK"

Currently the latest phishing scam is an email that appears to be from "EFPTS" as in the Electronic Federal Tax Payment System.   The email will give you an official looking number that is associated with your tax return account and indicate that your payment to the IRS was not accepted because, for instance, the company tax code was entered incorrectly.  You then get a link that appears to be an efpts.gov address.   But I could make a link that says efpts.gov and send it anywhere, like that one.  (If you went there it took you to Psalms 61, which will do you no harm).  Lots of people will see this, get worried, and click on the link.  Don't be one of them.

Never ever allow an email to confuse you and convince you that a reputable business or government agency will try to have you send personal information in an unencrypted format.  Do not believe it when you get something like that.  If you know how, examine the header of the email.  Allow your mouse to hover on a link and read where it will actually take you rather than blindly clicking on it, if you can. When in doubt, never do what you are invited to do.  You can always call your bank or credit card firm or government agency or Amazon dot com and ask them if there is a problem with your account but NEVER take an email as authoritative on a subject such as this, no reputable business or organization will be so slipshod as to use ordinary email for personal and private information transmission!

For those of you who cannot afford web filtering, mywot.comhttp://www.mywot.com/ is a great idea for your browser.   Web Of Trust is a free credentials and rating web filtering site that is completely free.   It is not perfect, as trolls can attack a perfectly good site with bad ratings trying to keep people from going there.  But it is free and usually reliable.  It will add a green circle at the top of your browse and, well, this is their language:

"WOT is the safe surfing tool for every member of your family

WOT’s traffic-light style rating system can be understood by the smallest of web surfers. Green means safe, yellow means caution and red means stop. It’s easy, and it’s free. Get WOT now."

Darwinist trolls have attacked very reputable creationist and intelligent design sites with bad ratings because they fear the truth.  The good thing about Web of Trust is that, before going to a red circle site a warning page comes up to clue you in to the warnings about the site.  If you want to keep going, well, you have been warned first.  A Canadian veterinary products page is rated poorly because US veterinarians want you to have to have your dog tested for heartworms every year and so they attack that site.  It allows you to buy heartworm pills without prescriptions.

This is an aside, but laboratory testing has shown that in all but the most desperate of cases simply giving a dog a heartworm pill every month will prevent heartworms and, if he has them, a pill once a month will slowly and safely kill off any heartworm that is growing within him/her.   The normal practice of poisoning your animal half to death and keeping him quiet for six weeks or so is completely bogus and is the one thing that irritates me about veterinarians.   They all know the truth but they like the income from the heartworm tests.

I hope you all realize that you need a good anti-malware solution on your computers.  If you have a wireless network you should use the basic firewalling and security that is provided by the router.   You should use your software firewall on your computer.  You need to do disk cleanup and disk defragmentation on a regular basis.  There are plenty of things you can do to keep you computer running properly.  Finally, remember that any "free" music downloads program is opening a tunnel directly from your computer to their server via FTP protocol or in some other way drilling a hole right through your security in order to get something like a "free" song or album.  But you might get a great deal more than you bargained for doing that! 

It is also wise to wait at least one day after Microsoft publishes its weekly updates (Tuesday in my corner of the world) before you load them.  That way if they have sent out something that kills a program or has a major security hole or causes computers to crash you will see the news and NOT download that particular update.  You can wait until they publish the next one.  Remember, if Tuesday is MS download day, then Wednesday is when you check the news before actually installing them.

Now, lets review.  No one in Africa wants to send you millions of dollars.  You did not win a lottery from Great Britain that you never even entered.  Paypal is not going to send you a notice asking to send in your personal information and neither is your bank or the US Government (not yet, anyway).   An incredibly hot woman (or man as case may be) is NOT longing to connect with you out of the blue.  Nobody is sending you an amazing picture of some random celebrity that you must click on RIGHT NOW before it is taken down. 

You may be getting emails from a friend and you recognize the email address as real.   They send you a link to see a picture or go to a really cool page.   It is probably spam and if you click on anything you are giving a trojan or worm an okay to download to your computer.   Carefully check on anything that comes from the blue from friends because spammers can "borrow" email addresses and often a program will hijack your friend's address book and blast out phishing attacks to all of those addresses, plus use those addresses to blast more emails.  Often these come with no subject or perhaps "re:" as the subject.  You can just delete those without bothering to read them.  Delete them from your mailbox and then delete them from your deleted items as well.  Take no chances!

Be careful out there!

No comments: